00f31012a9e20d3c4c422ba5144f892e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00f31012a9e20d3c4c422ba5144f892e_JaffaCakes118
Size

381KB
MD5

00f31012a9e20d3c4c422ba5144f892e
SHA1

56cf8f3610dd5b5c140956d13cb27b8645e8f241
SHA256

75d05eee2633ab0470ad6185a6a6653ce22c8ff0faf6519827ae80f8a2e5c3cd
SHA512

fe723e5ff42bdd375b00320f4521601da9e126bd6c05aeda80ac1207c07600e5bf4e38e93bee98cc58727b220485184a72478ab17c627779cc69fc0db7840a92
SSDEEP

6144:/BuixtyRZwjeZPfZMiBHFW510PmC4F3OEtd8TvOyMWgRt3nmN0zGCD3s2/zz7YeS:/BuixSwjeZPfCiRWUm53OEtOvtXSnkC2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00f31012a9e20d3c4c422ba5144f892e_JaffaCakes118

Files

00f31012a9e20d3c4c422ba5144f892e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fe01bd42cc589494fb86166913cafb80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegDeleteValueW
RegSaveKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
CryptAcquireContextW
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CryptReleaseContext
RegCloseKey
RegQueryValueExW
EqualSid
RegQueryInfoKeyW
CloseServiceHandle
StartServiceW
GetUserNameW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
FreeSid
RegOpenKeyExA

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
GetCurrentObject
DeleteObject

kernel32

HeapAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
DeleteFileW
GetVersion
HeapFree
GetLastError
GetProcAddress
LoadLibraryW
TlsGetValue
TlsSetValue
IsBadCodePtr
GetModuleHandleW
IsBadWritePtr
WideCharToMultiByte
GetACP
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ResetEvent
LocalAlloc
LocalFree
CloseHandle
ReleaseMutex
GetCurrentThreadId
MultiByteToWideChar
IsBadStringPtrA
IsBadStringPtrW
DeleteCriticalSection
TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
CreateMutexW
TlsAlloc
GetProcessHeap
GetTickCount
Sleep
GetComputerNameW
GetCurrentProcessId
IsBadReadPtr
lstrlenW
lstrlenA
FreeLibraryAndExitThread
CreateThread
CreateEventW
lstrcmpiW
GetModuleFileNameW
OutputDebugStringW

msvcrt

wcslen
_wcsicmp
free
wcscpy
iswctype
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_except_handler3
_wtol
wcscspn
wcscat
iswdigit
wcscmp
__CxxFrameHandler
wcschr
_wtoi
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
_vsnprintf
wcsrchr

rpcrt4

RpcStringFreeW
NdrClientCall2
I_RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW

rtutils

TraceDeregisterW
TraceRegisterExW
TraceVprintfExA

shlwapi

ord217
ord346
StrChrW
StrToIntW
ord191
StrCmpIW
StrCmpW
StrCpyNW
StrCmpNW

user32

PostMessageW
DestroyWindow
DefWindowProcW
RegisterClassW
LoadStringW
GetUserObjectInformationW
GetThreadDesktop
GetSystemMetrics
IsWindow
wsprintfA
wsprintfW
SendMessageW
EnableWindow
GetDlgItem
SendDlgItemMessageW
EndDialog
GetClientRect
CheckRadioButton
SetWindowTextW
SetFocus
GetFocus
GetWindowTextW
SetWindowLongW
GetWindowLongW
DialogBoxParamW
GetParent
MessageBeep
SetForegroundWindow
EnumWindows
MessageBoxW
IsWindowEnabled
ShowWindow
GetKeyState
SetWindowPos
CreateWindowExW
KillTimer
SetTimer
GetWindowRect
CloseClipboard
CallWindowProcW
SetClipboardData
GetClipboardData
OpenClipboard
EnumChildWindows
SetDlgItemInt
GetDlgItemInt
WinHelpW
GetActiveWindow

winmm

waveInMessage
waveOutMessage
midiInMessage
midiOutMessage

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ggu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 172KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe01bd42cc589494fb86166913cafb80

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

rpcrt4

rtutils

shlwapi

user32

winmm

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 6KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 8KB

.idata Size: 172KB - Virtual size: 172KB

.ggu Size: 512B - Virtual size: 4KB

.orpc Size: 172KB - Virtual size: 216KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 8KB

.idata
Size: 172KB - Virtual size: 172KB

.ggu
Size: 512B - Virtual size: 4KB

.orpc
Size: 172KB - Virtual size: 216KB

.rsrc
Size: 6KB - Virtual size: 6KB